Block firmware password and boot device choice

danielgrm
New Contributor III

I have been tasked with creating some solution where the end user cannot do the following:

  1. Change the firmware password or set it
  2. Pick a different boot device than the hard drive.

These changes are being mandated by our security team. I did about an hour's worth of googling and saw nothing good. I know there are some firmware utility options being baked into High Sierra, but we currently have a migration going on and the bar has been set fairly low. I have to be able to do this on El Capitan or at least try. Has anyone run into this before? If so, how did you solve it?

Thanks

Dan

1 REPLY

adamcodega
Valued Contributor

You can set or change a Mac firmware password (if you know the current password) using a policy. Jamf documentation here.

If you set a firmware password, then it prevents users who don't have the password from starting up from any disk other than the designated startup disk. It also prevents using some startup key combinations. Apple documentation here.
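
Added example, not part of the reply above and not Jamf's or Apple's own code: a sketch of a Jamf Pro extension attribute script that reports whether a firmware password is set, so Macs missing one can be scoped to the policy. It assumes the firmwarepasswd utility is at /usr/sbin/firmwarepasswd and prints "Password Enabled: Yes/No" and "Mode: command/full"; the function names classify_fw and report_fw are hypothetical.

```shell
#!/bin/bash
# Added example: report firmware password state as a Jamf extension attribute.
# Assumption: firmwarepasswd lives at this path; FWPW can be overridden for testing.
FWPW="${FWPW:-/usr/sbin/firmwarepasswd}"

# Map the text printed by `firmwarepasswd -check` and `firmwarepasswd -mode`
# to a single status string an inventory search or smart group can match on.
classify_fw() {
    local check_out="$1" mode_out="$2"
    case "$check_out" in
        *"Password Enabled: Yes"*)
            case "$mode_out" in
                *"Mode: full"*)    echo "Set (full)" ;;     # prompt at every boot
                *"Mode: command"*) echo "Set (command)" ;;  # prompt for alternate boot
                *)                 echo "Set (mode unknown)" ;;
            esac ;;
        *"Password Enabled: No"*)  echo "Not Set" ;;
        *)                         echo "Unknown" ;;        # tool failed or output changed
    esac
}

# Run the utility (needs root, which extension attribute scripts have) and classify.
report_fw() {
    local check_out mode_out
    if [ ! -x "$FWPW" ]; then
        echo "Unknown"
        return 0
    fi
    check_out="$("$FWPW" -check 2>/dev/null)"
    mode_out="$("$FWPW" -mode 2>/dev/null)"
    classify_fw "$check_out" "$mode_out"
}

# Jamf reads the extension attribute value from a <result> tag on stdout.
echo "<result>$(report_fw)</result>"
```

Treat "Not Set" and "Unknown" the same way when scoping: both mean the Mac has not been confirmed as protected.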